Re: [SECURITY] [DSA 1289-1] New Linux 2.6.18 packages fix several vulnerabilities

To: debian-security@lists.debian.org
Subject: Re: [SECURITY] [DSA 1289-1] New Linux 2.6.18 packages fix several vulnerabilities
From: Marcin Owsiany <porridge@debian.org>
Date: Mon, 14 May 2007 13:49:06 +0100
Message-id: <20070514124906.GA10672@kufelek>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <20070513113316.GA5580@galadriel.inutil.org>
References: <20070513113316.GA5580@galadriel.inutil.org>

On Sun, May 13, 2007 at 01:33:16PM +0200, Moritz Muehlenhoff wrote:
> CVE-2007-1496
> 
>     Michal Miroslaw reported a DoS vulnerability (crash) in netfilter.
>     A remote attacker can cause a NULL pointer dereference in the
>     nfnetlink_log function.

CVE says:
| nfnetlink_log in netfilter in the Linux kernel before 2.6.20.3 allows
| attackers to cause a denial of service (crash) via unspecified vectors
| involving the (1) nfulnl_recv_config function, (2) using "multiple
| packets per netlink message", and (3) bridged packets, which trigger a
| NULL pointer dereference.

Could someone who knows netfilter a bit better comment on this? In what
circumstances in real life is this exploitable? Is there any workaround?
I'm not using bridging, I don't care about logging, so I'm happy to
disable it, I'm not sure what that netlink thing means..

Marcin
-- 
Marcin Owsiany <porridge@debian.org>             http://marcin.owsiany.pl/
GnuPG: 1024D/60F41216  FE67 DA2D 0ACA FC5E 3F75  D6F6 3A0D 8AA0 60F4 1216

Reply to:

Prev by Date: security mirror out of date: 128.101.240.212
Next by Date: Re: security mirror out of date: 128.101.240.212
Previous by thread: Re: security mirror out of date: 128.101.240.212
Next by thread: debian.org DNSs allow unrestricted zone transfers
Index(es):
- Date
- Thread